Return of Pointer Value Outside of Expected Range

Draft Base

Structure: Simple

Description

A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.

Common Consequences 1

Scope: ConfidentialityIntegrity

Impact: Read MemoryModify Memory

References 2

Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

Katrina Tsipenyuk, Brian Chess, and Gary McGraw

NIST Workshop on Software Security Assurance Tools Techniques and Metrics • NIST

07-11-2005

https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf

ID: REF-6

24 Deadly Sins of Software Security

Michael Howard, David LeBlanc, and John Viega

McGraw-Hill

2010

ID: REF-44

Applicable Platforms

Languages:

C : UndeterminedC++ : Undetermined

Modes of Introduction

Implementation

Functional Areas

Memory Management

Affected Resources

Memory

Related Weaknesses

ChildOf:

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)

ChildOf:

Improper Input Validation (CWE-20)

Taxonomy Mapping

7 Pernicious Kingdoms
Software Fault Patterns

Notes

MaintenanceThis entry should have a chaining relationship with Improper Restriction of Operations within the Bounds of a Memory Buffer instead of a parent / child relationship, however the focus of this weakness does not map cleanly to any existing entries in CWE. A new parent is being considered which covers the more generic problem of incorrect return values. There is also an abstract relationship to weaknesses in which one component sends incorrect messages to another component; in this case, one routine is sending an incorrect value to another.